Cyber War? Jonathan Zittrain Weighs In

by Ella Chou

I am grateful for all the comments on my cyber security article. Yet I didn't write the post just to share my own views; I was hoping to learn about the perspectives of Jim Fallows' wide and highly educated audience. Cyber security is a niche field of study in which the best and the brightest of the experts have very different approaches.

I am thrilled to share with you here an e-mail from a leading expert on cyber law, Internet governance, and computer security.

Jonathan Zittrain, professor of law at Harvard Law School and Kennedy School of Government, professor of computer science at Harvard's School of Engineering and Applied Sciences, co-founder of Harvard's Berkman Center for Internet & Society, author of the great book The Future of the Internet -- And How to Stop It, offers his insights:

We face paired dangers.  The first is that our networks are successfully attacked.  The second is that our fear of attack will cause us to destroy what makes the Internet special.  Sadly, most experts are concerned with only one danger, and ready to deal with it by ignoring the other.  We have to become more subtle, and soon.

A note on definitions: the danger of network attack is both accentuated and obscured by the term "cyber."  It depicts a realm greater than the sum of its parts -- hence cyberwar or cybersecurity sounding much more grave than "Internet war" or "Internet security."  The cyber- prefix -- these days also used as a standalone noun -- can mean too many things at once.  So let's break it out.  First are attacks on the network itself: What could make the Internet go down?  Second are attacks on devices attached to the Internet.  What could make a Web site -- a bank, or Amazon, or - become inoperative?  Could my own PC suddenly stop working after getting some bad bits over the network?  Third is spying: what data might be compromised from afar, whether letters and spreadsheets on your PC, a raft of credit card numbers and prescription data from an online pharmacy, or plans for a missile defense system stowed on the server of a government contractor. Finally there are attacks on physical infrastructure that's intertwined with the Internet, such as an electric grid or air traffic control.

Scenarios like Clarke's conflate all of these.  To be fair, it's not like an enemy wouldn't hesitate to mix and match various forms of attack.  Any state in the world might think itself entitled to try any and all if it thought it would yield advantage.  But the vulnerabilities behind each type of problem, and the ways to fix them, vary greatly.

While it's not easy to rank these dangers against one another, the most lurid attacks -- those against physical infrastructure like the electric grid -- are the easiest in theory to protect against.  Such systems aren't meant to be exposed to the public, and access to their use can be restricted as much as the balance between paranoia and efficiency dictates.

The other three are trickier.  They share in common the fact that attacks are typically anonymous.  A stream of bad bits leads back to a compromised machine run by an innocent party.  This is called the "attribution problem," and some experts and government officials have called for a wholesale reworking of the way the Internet works in order to have every packet of data that traverses it permanently engraved with the identity of its source.  This is true of other networks: dial from a typical mobile phone and the operator can see which phone placed that call, and often phones are registered to individual people.  Solve the attribution problem, the theory goes, and it becomes easier to track down bad guys.  Then they can be caught or deterred.

This, however, means that our fear of attack will cause us to destroy what makes the Internet special, both technologically and socially.  Technologically, the Internet works thanks to loose but trusted connections among its many constituent parts, with easy entry and exit for new ISPs or new forms of expanding access.  To achieve the level of identity possible with mobile phones one would have to eliminate the practice of sharing Internet connections, such as through an open wi-fi access point.  Terminals in libraries and cyber cafes would have to have verified sign-in rosters so that activities could be traced back to individuals.  Or worse, Internet access would have to be predicated on providing a special ID akin to a government-issued driver's license - perhaps in the form of a USB key.  No key, no bits.

Criminals and states wanting to act covertly wouldn't be stopped cold, but they'd have to invest much more in achieving the level of anonymity that comes so naturally today.  The price would be high for them, and it would be even higher for us.  The Internet's distinct configuration may have facilitated anonymous threats, copyright infringement, and cyberattacks, but it has also kindled the flame of freedom in ways that the framers of the American constitution would appreciate - the Federalist papers were famously authored pseudonymously.  One repressive state after another has had to face the dilemma of wanting abundant Internet for economic advancement, while ruing the ways in which its citizens can become empowered to express themselves fearlessly.  An Internet without the attribution problem has a new issue: citizens can be readily identified and punished for their political activities.  Content filtering and monitoring that is currently expensive if it is to be at all effective would become easy roughly in step with the ease of identifying truly bad actors.  The attribution problem can't go away.  It just becomes a different problem: attribution is too easy.

So: I wouldn't be at all surprised if China had honed expertise across all the different kinds of what people call cyberwar.  But the question is what we should draw from that.  One state doesn't need the provocation of another to ramp up a cyberattack posture, and good defenses -- especially if one has sensitive information, as a government would -- are important.  I just wouldn't want to see a cybersecurity threat as a wedge through which to initiate changes to Internet architecture that pressure a bunch of other values we hold dear.

Many thanks for your great insights, Professor Zittrain!

Ella Chou, who grew up in Hangzhou, China, is a graduate student in Regional Studies-East Asia at Harvard, studying law and comparative politics.